I was not exactly sure how to best word my question above. I am trying not to ask a subjective question but I really want a little advice from someone who knows more about this, and have a few different questions. I am planning a new network topology and upgrades to the current network setup and began to look into firewalls. The biggest question I am having right now (since I am very inexperienced with networking) is whether or not connecting a firewall to the router is necessary. The current setup is "Modem, Router, PC's (some are wired, some are wireless)". We currently only have the windows 7 firewall's running on each individual machine and we are looking for a better way to protect all systems. The software firewall seems a lot easier to manage for me as I am the only IT person in the building and I have no experience with a hardware firewall. I am thinking about a setup as follows, "Modem, router, firewall, switch, Server and PC's". As I was looking into the SonicWall tz105, it began to look very complex and complicated especially for me since I haven't done anything with firewalls. We have about 15 PC's in the building that we are looking to implement this new network and eventually we will want to connect to one server from multiple locations. Although this can be a subjective question, is the initial setup of the firewall relatively simple if you have minimum knowledge about how everything works? We are looking for a "minimum" firewall that protects all of the PC's we aren't looking to do anything "too fancy" but the capabilities of the firewall I looked at scares me away a little bit, Dell offers a nice demo online where I played around some with the setting of the SonicWall. So, a recap, Should I look into getting a hardware firewall such as the SonicWall tz105 or do I rely on the router and windows firewall to protect all of the systems? Is a firewall something that I can setup in say an hour or so where I have a full internet connection with the firewall monitoring and protecting or is there a lot more that I need to setup before I can communicate with the internet? I know these questions are frowned upon but please bear with me, I don't know how else to find this information.
-
1A dedicated firewall for any active business network is generally considered essential. If your network is small, just get an entry-level one. That said, specific product requests are off-topic. – Hyppy Dec 03 '14 at 15:00
-
1You have a couple questions, but they're both subjective, and unanswerable by anyone but you. You wouldn't buy a $10,000 safe to protect a jar of pocket change, and you shouldn't spend more on securing your network than it's worth either, and you need to weigh the risks of getting hacked that a hardware firewall protects against (it's not 100%, but only you guys will know what the risk is). You don't **need** a hardware firewall, but it's usually a very bad idea not to have one. Likewise, ease of setup is only something you can answer - you can always hire a consultant to setup it up for you. – HopelessN00b Dec 03 '14 at 15:13
2 Answers
You can use only a firewall, not the router over.
It's like setupping a small firewall for your home usually, the sonicwall got a full webpage gui, easy to configure.
Small office I seen usually just use a firewall (like a linksys or dlink). The Sonicwall tz105 is a good choice for a small office, it's a step over the dlink and linksys.
Just be advised the tz105 is an entry level firewall too that do packet inspection (for antivirus and such), so if you got a good WAN speed over 100mbps, that firewall will choke, as the linksys not as it does not inspect anything.
- 16,300
- 4
- 26
- 48
-
So I do NOT need to use router? Something like Modem, Firewall, Switch? In the case that I get rid of the router is the Firewall performing routing functions or just the switch? – user3841709 Dec 03 '14 at 15:04
-
Your firewall (sonicwall) act as a router too, I just wonder why someone placed a router too. – yagmoth555 Dec 03 '14 at 15:38
-
Well we currently don't have a hardware firewall so what I said earlier was just me thinking that I would need a router and a firewall. Although on Dell's website they have a diagram that I just saw and it has the modem, firewall and then router. Is this just Dell trying to sell both a firewall and router to people to make more money? – user3841709 Dec 03 '14 at 15:42
-
The tz is a hardware firewall/router already. The problem is that for consumer they sell small "router", but in fact they are firewall/router. The term is misleading. Usually enterprise router just route the packet(s), unlike a firewall that protect you lan. – yagmoth555 Dec 03 '14 at 15:49
-
-
How should I configure the firewall if I have a modem/router combo? Can I still put the firewall after the modem/router or should I buy a plain dsl modem and replace the modem/router combo? – user3841709 Dec 03 '14 at 19:36
-
You can desactivate the modem/router combo, so it can act as a normal modem. Call your ISP if it's owned by them, they can do the change easily. You better read some FAQ on how to configure your router before to do so. The goal is to prevent a double NAT issue (2 router/firewall back to back) – yagmoth555 Dec 04 '14 at 01:59
-
Ok thanks for the heads up, If I switch from the modem/router combo to just a modem I shouldn't have to worry about this then should I because I would then only one piece of hardware acting as the router? – user3841709 Dec 04 '14 at 14:41
-
would be less worry as your prevent a double nat scenario, but more worry when you will do it for you as it imply you have to configure the tz. – yagmoth555 Dec 04 '14 at 14:47
Anyone answering "Do not get a firewall" will be shot down.
Entrypoint will be your Modem.
Your Firewall needs to hook in right after that and from there everything else.
There are many small Firewalls out there if it is a SonicWall or a FortiGate or a WhatEver it is called.
Your initiel installation should be done by a professional so you do not think you are save WHEN YOU ARE NOT. Lerning how to administer the Firewall after that is not very complex.
- 26
- 1
-
Thanks, if I do happen to install this myself, are there any "controlled" ways to test whether or not the firewall is protecting from viruses and malware? I obviously don't want to try to send a virus to my own computers but I was curious if there were any other methods of testing this? – user3841709 Dec 03 '14 at 15:09
-
If you're using a sonicwall, it should be perfectly possible to see what traffic its looking at and the choices its making based on browsing category and threat level. – Rob Moir Dec 03 '14 at 15:40
-
So I would basically just monitor to see if it is picking up different threat levels and blocking some things to be able to see if it is configured correctly – user3841709 Dec 03 '14 at 15:58
-
If SonicWall or FortiGate or WhatNot ... they all have standardized profiles, just like your virus scanner on your computer. That will not be the hard part. The interesting part is more likely doing the correct routing. Testing it is possible, there are some "test" viruses each retailer should be able to supply you with through support. – steffen Dec 05 '14 at 13:48